Thursday, March 28, 2013

Yesterday, the picture on our Skype call to Molly kept freezing. When we disconnected and started again, the picture would come back but then after a minute or so would freeze again. It was a very frustrating experience!

Today, I have found what might be the reason for our problems in this article from the Guardian.

Spamhaus, which operates a filtering service used to weed out spam emails, has been under attack since 18 March after adding a Dutch hosting organisation called Cyberbunker to its list of unwelcome internet sites. The service has "made plenty of enemies", said one expert, and the cyber-attack appeared to be retaliation.

A collateral effect of the attack is that internet users accustomed to high-speed connections may have seen those slow down, said James Blessing, a member of the UK Internet Service Providers' Association (ISPA) council.

"It varies depending on where you are and what site you're trying to get to," he said. "Those who are used to it being really quick will notice." Some people accessing the online streaming site Netflix reported a slowdown.

Spamhaus offers a checking service for companies and organisations, listing internet addresses it thinks generate spam, or which host content linked to spam, such as sites selling pills touted in junk email. Use of the service is optional, but thousands of organisations use it millions of times a day in deciding whether to accept incoming email from the internet.

Cyberbunker offers hosting for any sort of content as long, it says, as it is not child pornography or linked to terrorism. But in mid-March Spamhaus added its internet addresses to its blacklist.

In retaliation, the hosting company and a number of eastern European gangs apparently enlisted hackers who have in turn put together huge "botnets" of computers, and also exploited home and business broadband routers, to try to knock out the Spamhaus system.

"Spamhaus has made plenty of enemies over the years. Spammers aren't always the most lovable of individuals, and Spamhaus has been threatened, sued and [attacked] regularly," noted Matthew Prince of Cloudflare, a hosting company that helped the London business survive the attack by diverting the traffic.

Rather than aiming floods of traffic directly at Spamhaus's servers – a familiar tactic that is easily averted – the hackers exploited the internet's domain name system (DNS) servers, which accept a human-readable address for a website (such as guardian.co.uk) and spit back a machine-readable one (77.91.248.30). The hackers "spoofed" requests for lookups to the DNS servers so they seemed to come from Spamhaus; the servers responded with huge floods of responses, all aimed back at Spamhaus.

Some of those requests will have been coming from UK users without their knowledge, said Blessing. "If somebody has a badly configured broadband modem or router, anybody in the outside world can use it to redirect traffic and attack the target – in this case, Spamhaus."

Many routers in the UK provided by ISPs have settings enabled which let them be controlled remotely for servicing. That, together with so-called "open DNS" systems online which are known to be insecure helped the hackers to create a flood of traffic.

"British modems are certainly being used for this," said Blessing, who said that the London Internet Exchange — which routes traffic in and out of the UK — had been helping to block nuisance traffic aimed at Spamhaus.

The use of the DNS attacks has experts worried. "The No 1 rule of the internet is that it has to work," Dan Kaminsky, a security researcher who pointed out the inherent vulnerabilities of the DNS years ago, told AP.

"You can't stop a DNS flood by shutting down those [DNS] servers because those machines have to be open and public by default. The only way to deal with this problem is to find the people doing it and arrest them."

1 comment:

They say that the Internet is made up of 80% torrents and sex sites; the remaining 20% can be largely queried whereby most of which one reads is just plain nonsense. Your article 'A Possible Explanation' is one such example. It's just not true!

The Internet "War" which has been so prevalent over the past few days on news' sites is purely a distraction from other major stories around the world which have either been under-reported or ignored.

In your report there is scant evidence to suggest that anything actually happened at all. How gullible people really are, dragged into stories which have no basis of truth: